CVE Catalog

CVE-2026-55200

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.73%

50th percentile — higher than 50% of all known CVEs

Summary

libssh2 up to version 1.11.1 has an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on the packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.

Risk Assessment

An attacker can remotely take control of a system using the vulnerable libssh2 library, leading to data breaches, service disruption, or full IT environment compromise.

Recommendation

Immediately update libssh2 to a version containing the fix (commit 7acf3df) or later. If an update is not possible, restrict access to services using libssh2 to trusted networks only.

Original NVD description (English source)

libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS